Privacy Policy
Last updated:
1. Who We Are
This Privacy Policy explains how KontoMatch, a product of Gordian Analytics SA, Canton of Vaud, Switzerland (“we”, “us”, “our”), collects, uses, and protects personal data when you visit our website kontomatch.com (“Website”) or use the KontoMatch platform (“Service”).
Contact for all privacy inquiries: [email protected]
2. What Data We Collect
2.1 When You Visit Our Website
When you browse our Website without creating an account, we may collect: IP address, browser type, device information, pages visited, and referral source. This data is collected through Google Analytics with anonymised IP addresses. See our Cookie Policy at https://kontomatch.com/legal/cookies for details.
2.2 When You Create an Account
Name, email address, and password. Company name and billing address (if applicable). Payment method details are processed by Stripe and not stored by us.
2.3 When You Use the Service
Documents you upload (invoices, receipts, bank statements, and other financial files). Data extracted from your documents by AI processing. Matching results and export history.
2.4 When You Contact Us
Name, email address, and the content of your message when you email [email protected].
3. How We Use Your Data
We use your data for the following purposes:
- Providing the Service: Processing your documents, performing AI matching, generating exports. Legal basis: Performance of contract (Art. 6(1)(b) GDPR / Art. 31(2)(a) nDSG).
- Account management: Creating and maintaining your account, authenticating access, processing payments. Legal basis: Performance of contract.
- Website analytics: Understanding how visitors use our Website to improve it. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR / Art. 31(1) nDSG).
- Communication: Responding to your inquiries, sending service-related notifications (such as payment confirmations or account alerts). Legal basis: Performance of contract and legitimate interest.
- Legal compliance: Meeting our obligations under Swiss and EU law, including tax record-keeping and responding to lawful requests from authorities. Legal basis: Legal obligation (Art. 6(1)(c) GDPR / Art. 31(2)(b) nDSG).
We do not use your data for advertising, profiling, or automated decision-making that produces legal effects.
4. AI Processing
Your uploaded documents are processed by third-party AI services, including Google Gemini (Google LLC), for text extraction, document analysis, and matching. Document content is transmitted to the AI provider’s infrastructure, which may be located outside of Switzerland and the EEA. Data transfers are governed by appropriate safeguards under applicable data protection law. We do not authorise AI providers to use your data for model training or purposes other than providing the Service. Full details are in our GTC Section 4 at https://kontomatch.com/legal/gtc.
5. Who We Share Data With
We share your data only with the third-party service providers necessary to operate the Service. An up-to-date list is maintained at https://kontomatch.com/legal/sub-processors.
We do not sell your data. We do not share your data with advertisers. We do not share your data with any party not listed on our sub-processors page.
We may disclose data if required by law, court order, or a binding request from a competent authority.
6. Where Your Data Is Stored
Your data is stored on servers in Germany and Finland (European Union), operated by Hetzner Online GmbH. During AI processing, document content may be temporarily transmitted to infrastructure outside the EEA. See Section 4.
7. How Long We Keep Your Data
Data retention depends on your pricing plan:
- Free plan: Uploaded documents retained for up to 3 months.
- Pay As You Go: Uploaded documents retained for up to 6 months.
- Starter and Pro: Uploaded documents retained for up to 10 years during active subscription with a valid payment method.
- Account data: Retained for the duration of the account plus any period required by law.
- Website analytics data: Retained for a maximum of 24 months.
If a paid subscription lapses, retention reverts to the free tier period after a 30-day grace period. We reserve the right to modify retention periods with reasonable notice. Users are responsible for maintaining their own backups.
8. Your Rights
Under Swiss nDSG and, where applicable, EU GDPR, you have the right to:
- Access your personal data.
- Correct inaccurate data.
- Request deletion of your data, subject to legal retention requirements.
- Export your data in a portable format (CSV, XLSX).
- Withdraw consent to AI processing at any time. This will result in the inability to use the Service.
- Object to processing based on legitimate interest.
- Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at https://www.edoeb.admin.ch or, for EU users, with the supervisory authority in your country of residence.
To exercise any of these rights, contact: [email protected]
9. Data Security
We implement appropriate technical and organisational measures to protect your data. No method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.
10. Children
The Service is not intended for persons under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will delete it.
11. International Data Transfers
If you are located in the EU or Switzerland, your data may be transferred to countries outside the EEA during AI processing. These transfers are governed by appropriate safeguards including the EU-US Data Privacy Framework and Standard Contractual Clauses where applicable.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always available at https://kontomatch.com/legal/privacy. It is your responsibility to review this policy periodically. Continued use of the Service constitutes acceptance of the updated policy.
13. Contact
Gordian Analytics SA
Canton of Vaud, Switzerland
Email: [email protected]